How do you like the self hosted approach? I contemplate it every so often, but I’m not sure that my sysadmin abilities (and attention) are enough to keep it secure.
True, but the alternatives generally are either a pain in the ass or require yet another syncing service to have sensitive info just so I can access things reliably anywhere.
It is still more secure than SMS and email based options.
Besides, my vaultwarden still needs an MFA code to access in the first place, and that’s handled by a separate generator.
I’m willing to accept the slight security difference in exchange for the convenience of having access on a single app 99.9% of the time.
To get into my Vaultwarden in the first place to get my info they’d first have to know my self-hosted server exists to target. And they’d need to compromise that MFA which is handled by a separate unrelated app.
That’s more than enough security for nearly everyone on the planet.
Sure. But if your bitwarden is protected by a 50char password AND a yubikey, it’s not that big of a tradeoff imo. That’s what I do, but I have hundreds of MFA tokens and it was PAINFUL to auth a lot of the time when I was using an authenticator app.
I transitioned everything to Bitwarden. Password manager, passkeys, and MFA code generation all in one app that works on all of my devices.
And then I started to self-host it via Vaultwarden and transferred all the data.
How do you like the self hosted approach? I contemplate it every so often, but I’m not sure that my sysadmin abilities (and attention) are enough to keep it secure.
A friendly FYI: having your passwords and MFA in one place partially defeats the purpose
True, but the alternatives generally are either a pain in the ass or require yet another syncing service to have sensitive info just so I can access things reliably anywhere.
It is still more secure than SMS and email based options.
Besides, my vaultwarden still needs an MFA code to access in the first place, and that’s handled by a separate generator.
I get that not everyone wants to set up something like Aegis in combination with e.g. Syncthing.
Of course it is still better than SMS and email, but I would recommend you check out Ente Auth and/or Proton Auth.
Both are end to end encrypted and you would at least have it in separate apps
I’m willing to accept the slight security difference in exchange for the convenience of having access on a single app 99.9% of the time.
To get into my Vaultwarden in the first place to get my info they’d first have to know my self-hosted server exists to target. And they’d need to compromise that MFA which is handled by a separate unrelated app.
That’s more than enough security for nearly everyone on the planet.
Perfectly valid, everyone has their own threat model and their own standards.
Sure. But if your bitwarden is protected by a 50char password AND a yubikey, it’s not that big of a tradeoff imo. That’s what I do, but I have hundreds of MFA tokens and it was PAINFUL to auth a lot of the time when I was using an authenticator app.
Bitwarden is just so awesome